Banks targeted by SMS phishing scam | ACMA

Cybersecurity

10 February, 2016 09:47 AM

Banks targeted by SMS phishing scam

By Editor

We are warning all mobile phone users of a persistent and sophisticated SMS phishing campaign currently underway that is targeting mobile banking customers in both Australia and New Zealand.

The SMS messages are short and to-the-point, containing URLs that direct the recipient to a fake mobile banking website, which is almost indistinguishable from the real thing.

The sophistication and scope of the campaign is indicated by the extensive use of internet domains that closely resemble the legitimate domains of Australian and New Zealand banks. Often these domains will be active for only a very short time, replaced shortly thereafter with another ‘plausible’ bank domain.

For example, the ACMA has received reports of the following SMS messages targeting ANZ bank customers:*

  • Account notification: hXXp://m.anzmobilebank. com/
  • Account notification: Verify your identity hXXp://m.anzmobilebank. com/
  • Account Notification: hXXp://anz-notification. Com
  • Account Notification: hXXp://mobile-anz. Info
  • Dear ANZ Customer, Notification: hXXp://anz-mobile. Center
  • Internal message received: hXXp:/anzmobilebank. com
  • Notification: hXXp://anz-mobile. Center
  • Verify your identity: hXXp:/anzmobilebank. com

If the URL is followed, the customer is presented with a fake website made up of a series of webpages that mimic the bank's own.

The following screenshots are examples of a current and sophisticated fake ANZ mobile banking website scam. You can see how legitimate each screen looks, especially as they’ve tried to tailor their design to reflect the same ‘look’ and ‘feel’ of the ANZ bank’s branding.

[Screenshots: fake ANZ mobile banking website]

Many Australian and New Zealand banks are being targeted by this constantly evolving campaign.

It appears that the criminals behind this campaign are constantly refining their messages and the associated fake banking websites to increase their chance of success. In the fake ANZ mobile banking website scam, you can see how they have even used a fake ‘loading’ page to simulate a standard mobile banking transaction.

We have direct evidence of the extent of the current SMS phishing campaign, thanks to Australian consumers who have received these SMS messages and reported them to our SMS spam reporting number, 0429 999 888. These reports have also enabled us to assess how the technical aspects of the campaign are evolving and how the criminals are progressively targeting different Australian banks. The current list of unique SMS phishes related to this campaign is given at the end of this blog.

If you have even the slightest concern that you may have inadvertently responded to one of these phishes and passed on your banking credentials or personal information to the criminals behind the campaign, we recommend that you immediately contact your financial institution to seek their advice. We also recommend that you report the incident to the government’s Australian Cybercrime Online Reporting Network.

Useful tips to help stay protected

To help minimise your chances of being duped by these and other phishing campaigns, we recommend that you:

  • don’t open SMS or emails from unknown or suspicious sources
  • never follow hyperlinks contained in these messages
  • always carefully check the authenticity of a website that requests your user credentials
  • never reuse the same login credentials on any web service
  • where available, use two-factor authentication on your accounts.

We encourage all Australian consumers to forward any suspicious or spam-related SMS messages to our hotline on 0429 999 888.

More information

Visit the Australian Government’s Stay Smart Online website to help educate yourself on the ways you can avoid having your personal information compromised.

Subscribe to our Cybersecurity news to keep up-to-date with the latest trends from the Australian Internet Security Initiative (AISI). This has a particular focus on malware, phishing and botnet activities.

We also provide statistical information on our other cyber security activities, with detailed trend data on malware reports and service vulnerabilities currently being reported through our AISI program.

SMS messages reported to the ACMA associated with this phishing campaign

You can find a full list of all the SMS messages targeting Australian financial institutions that have been reported to us by Australian consumers below.

We have reported all these SMS messages to each of the affected financial institutions.

ANZ:

  • Account notification: hXXp://m.anzmobilebank. com/
  • Account notification: Verify your identity hXXp://m.anzmobilebank. com/
  • Account Notification: hXXp://anz-notification. Com
  • Account Notification: hXXp://mobile-anz. Info
  • Dear ANZ Customer, Notification: hXXp://anz-mobile. Center
  • Internal message received hXXp:/anzmobilebank. com
  • Notification: hXXp://anz-mobile. Center
  • Verify your identity hXXp:/anzmobilebank. com

Bank of Queensland:

  • Bank of Queensland Support: Update your profile: hXXp://boq-mobile. Net
  • Message received from BOQ Support hXXp://boq-mobile. Net
  • Dear Bank of Queensland customer, You have received an internal notification. hXXp://boq-mobile. Net
  • Verify your identity hXXp://boq-mobile. net

Bendigo Bank:

  • 1 new Secure Email hXXp://mobile.bendigobank. info
  • Account notification hXXp://bendigo-bank. mobi
  • Account review hXXp://mbendigobank. com
  • Account verification hXXp://mbendigobank. com
  • Customer review hXXp://mbendigobank. com
  • Dear Customer, You have received a payment. Login Bendigo MobileBank: hXXp://m.bendigo. online
  • New payment received hXXp://mobile.bendigo. online
  • Message received hXXp://bendigo-bank. mobi
  • Notification: Payment received hXXp://mobile.bendigobank. info
  • Payment received. Access your online statement. hXXp://mobile.bendigo. online

GE Money:

  • New payment received hXXp://www.gemoneymobile. net
  • You have 1 message from customer support hXXp://www.gemoneymobile. net

Heritage Bank:

  • Heritage Bank Notification hXXp://heritagebank. mobi

Macquarie Bank:

  • Dear customer, Confirm your mobile phone number: hXXp://macquarie-mobile. com

NAB:

  • Account notification hXXp://mobilebanking.nab-login. com
  • Account notification hXXp://nab-login. com/
  • Account security notification hXXp://nab-login. com/
  • Dear NAB Customer, You have received an internal notification. hXXp://mobile2.nab. direct
  • Dear NAB Customer, You have received an internal notification. hXXp://online.mobilenab. com
  • Dear NAB Customer, You have a new message. hXXp://mobilebanking.nab. direct
  • Dear NAB Customer, You have received a notification. hXXp://mobilebanking.nab. direct
  • Verify your identity: hXXp://nab-mobile. net
  • Notification: hXXp://mobile-nab. net
  • Internal message received hXXp://mobile.nab. direct
  • Notification: hXXp://nabmobile. info
  • Notification: hXXp://www.nab-mobile. net
  • Your online statement is ready hXXp://www.nab-mobile. net
  • Verify your identity: hXXp://nab-m. com
  • Verify your identity hXXp://nab-login. com/

St George:

  • Business account notification #2912 hXXp://stgeorge-mobile. com
  • Dear Business Customer, You have received a new alert from StGeorge Bank hXXp://stgeorge-mobile. com
  • Dear Customer, You have received a notification from StGeorge Bank hXXp://bbonline.stgeorge-mobile. com
  • St.George Bank notification #882 hXXp://bbonline.stgeorge-mobile. com
  • StGeorge Bank: account notification #441 hXXp://bbonline.stgeorge-mobile. com

Suncorp Bank:

  • Notification received hXXp://mobile.suncorpbank. net/

*We have slightly altered the original URLs to protect against inadvertent use of these links.
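The lookalike-domain pattern described in the campaign overview, and catalogued in the reported-messages list above, can be triaged mechanically once the defanged text is parsed. The Python script below is an added example and is not part of the ACMA post: it parses SMS text in the page's defanged form (an `hXXp` scheme, one or two slashes, and a space inserted before the top-level label), refangs the host, reduces it to its registrable domain, and compares that against an assumed allow-list of legitimate bank domains. The allow-list, the brand keywords, the minimal public-suffix set, and the two sample lines that are not from the page (the `anz.com` control line and the `example-courier` line) are assumptions of this example; the remaining sample lines are copied from the list above. Confirm any allow-list against each bank's published domains before relying on it.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Matches both live URLs ("http://host.tld/path") and the defanged form used in the
# ACMA list ("hXXp://host. tld", sometimes with a single slash). The lookahead after
# the TLD stops a label such as "anzmobilebank" in "m.anzmobilebank. com" from being
# mistaken for the TLD.
_URL_RE = re.compile(
    r"h(?:xx|tt)ps?:/{1,2}"
    r"(?P<host>[a-z0-9-]+(?:\.[a-z0-9-]+)*?)"   # labels before the TLD (lazy)
    r"\.\s*(?P<tld>[a-z]{2,})(?=[/\s]|$)"        # optional injected space, then TLD
    r"(?P<path>/\S*)?",
    re.IGNORECASE,
)

# Assumption: a minimal set of two-level public suffixes. A production tool would
# consult the full Public Suffix List instead.
_TWO_LEVEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.nz", "net.nz"}

# Assumption: brand keyword -> domains the bank legitimately uses. Treat these
# values as placeholders to be verified against each bank's own published list.
LEGIT_DOMAINS = {
    "anz": {"anz.com", "anz.com.au"},
    "nab": {"nab.com.au"},
    "boq": {"boq.com.au"},
    "bendigo": {"bendigobank.com.au"},
}


@dataclass(frozen=True)
class Finding:
    host: str
    registrable: str
    brand: Optional[str]
    verdict: str  # "legitimate", "lookalike" or "unknown"


def extract_hosts(sms: str) -> list:
    """Return every host in the message, refanged and lower-cased."""
    return [f"{m['host']}.{m['tld']}".lower() for m in _URL_RE.finditer(sms)]


def registrable_domain(host: str) -> str:
    """Collapse a host to its registrable domain (e.g. m.anzmobilebank.com -> anzmobilebank.com)."""
    labels = host.lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in _TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def classify_host(host: str) -> Finding:
    """Exact allow-list match wins; otherwise a brand keyword inside the registrable
    domain marks a lookalike. Substring matching is a hunting heuristic and will
    produce false positives (e.g. "nab" inside unrelated words), so the output is
    for analyst triage, not automatic blocking."""
    reg = registrable_domain(host)
    for brand, domains in LEGIT_DOMAINS.items():
        if reg in domains:
            return Finding(host, reg, brand, "legitimate")
    compact = reg.replace("-", "")
    for brand in LEGIT_DOMAINS:
        if brand in compact:
            return Finding(host, reg, brand, "lookalike")
    return Finding(host, reg, None, "unknown")


def scan(messages: list) -> list:
    """Classify every host found in a batch of SMS texts."""
    return [classify_host(h) for sms in messages for h in extract_hosts(sms)]


# Sample input. The first five lines are copied from the defanged list on this page;
# the last two are constructed for this example.
SAMPLE_SMS = [
    "Account notification: hXXp://m.anzmobilebank. com/",
    "Internal message received: hXXp:/anzmobilebank. com",
    "Dear NAB Customer, You have received an internal notification. hXXp://mobile2.nab. direct",
    "Verify your identity hXXp://boq-mobile. net",
    "Account notification hXXp://mobilebanking.nab-login. com",
    "Your ANZ statement is ready https://www.anz.com/statements",  # constructed control
    "Your parcel is waiting hXXp://example-courier. net",           # constructed, no bank brand
]

if __name__ == "__main__":
    for f in scan(SAMPLE_SMS):
        print(f"{f.verdict:10} {f.host:32} registrable={f.registrable:22} brand={f.brand}")
```

Run as a script it prints one verdict per host; imported, `scan()` can be pointed at the reporting-hotline feed and its "lookalike" findings fed to a blocklist review queue or a takedown request. The regex deliberately accepts the single-slash variant (`hXXp:/`) seen in several of the reported messages, since that is exactly the kind of irregularity a naive parser drops.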